Logo Data Protection and Privacy in the developing world International Conference of Data Protection and Privacy Commissioners, Mauritius. 14 October 2014 © GSMA 2013 Restricted - Confidential Information © GSM Association 2013 All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy GSMA By The Numbers 7.2 3.6 © GSMA 2013 2 ASEAN Our ASEAN people, in all their diversity and creativity, are the most crucial factor on our journey. We need to continually engage the private sector as the key partner in making the AEC success © GSMA 2013 Data Protection and Privacy: patchwork of laws, regulations and industry approaches • Provides individual rights • Obliges transparency of processing • Imposes data minimisation and purpose limitation • Can process only by consent/contract/lega l obligation • Restricts overseas transfers • Security obligations • Data Retention and law enforcement obligations • Mandatory SIM Card Registration (biometric) • Restrictions on use of data for VAS without consent • Restrictions on 3rd party sharing of data • Network and communications security • Prohibitions on overseas transfers • Prior approval to deploy bulk encrytption © GSMA 2013 • SIM Card Registration • Access to private sector data • eGov services • eID Data Protection law Government ePrivacy/Telco regulation/licence conditions/Codes of Conduct Standards/vertical • OpenID Connect • ISO 29100 Privacy framework • ISO 29101 Privacy architecture framework • ISO 24760 A framework for identity management • Healthcare, education, banking • ETSI/3GPP/IETF/IEEE It’s not just about the law: consumer attitudes matter © GSMA 2013 GSMA approaches © GSMA 2013 Mobile – is it different? © GSMA 2013 Thank you pat [at] walshe [dot] gsma [dot] com www.gsma.com/mobileprivacy © GSMA 2013 8